1 Answer
1

You should make sure that you're using strong passwords or disable SSH completely.

If you need SSH, you can use Synology's Auto Block feature to auto block IP addresses when they fail to log in.

Since the last update of DSM you can block IP addresses per country. So you could choose to block all IP addresses from China. Please note that this detection may not always be 100% accurate but it'll block most of the IP addresses of China.

You could also use SSH keys, this is the most secure way of SSH authentication. This will disable password logins. I don't know if this is possible on Synology out of the box.

Note: I don't know if failed WordPress login attempts will also trigger Synology's Auto Block feature. WordPress doesn't have any brute force protection installed by default, so I recommend you to use Google Authenticator (2 factor authentication, or a similar plugin) for your WordPress installation. You can also enable 2 factor authentication for DSM.

Note: when I had my Synology accesible from the internet, I had like over 500 blocked IP addresses within a year. I have set my AutoBlock to 3 attempts in 60 minutes with no expiration.

Thanks. I believe failed WordPress login attempts do trigger the Synology Auto Block since I do not have SSH even enabled on the Synology OS itself. The only area that has SSH enables is WP. The 2nd note gives good perspective, too.
– Andy LevesqueApr 25 '14 at 21:29